Lookup Any Public WHOIS with this nginx-based Server

After I set up a DN42 WHOIS server with Nginx, I configured my DN42 Looking Glass to use this service. As my Looking Glass is capable of running as a Telegram bot, fellow group members are looking up WHOIS information of IPs and domains with it. But soon we noticed a problem. A significant portion of members have applied for ASNs and IP ranges on the public Internet after becoming familiar enough with DN42, and they're peering at Internet Exchange Points. Therefore, they often need to look up some public Internet IPs, ASNs, and domains, yet none of the Telegram bots in our group can do so. It would be quite helpful for us if there were a WHOIS server that proxies lookups to relevant registries. Proxying is exactly what Nginx is good at. With some modifications to Nginx,...

Setting up DN42 WHOIS Server with Nginx

In my previous post, "Setting up Gopher Site with Nginx", I mentioned that the Gopher service is a byproduct of my original plan: modifying Nginx into a WHOIS server for DN42. This post will explore the details of that process.

The WHOIS Protocol

First, we can find a WHOIS server to observe its response. Choose the WHOIS server for the .pub domain as an example, and run telnet whois.nic.pub 43:

    # Type following line and hit enter
    lantian.pub
    # WHOIS server responded with:
    Domain Name: lantian.pub
    Registry Domain ID: c69e5ccf9d834900be26f88fddc5c9e4-DONUTS
    Registrar WHOIS Server: whois.dnspod.cn
    Registrar URL: https://www.dnspod.cn
    Updated Date: 2021-01-07T14:09:11Z
    Creation Date: 2016-10-23T08:36:41Z
    Registry Expiry Date: 2029-10-23T08:36:41Z
    Registrar: DNSPod, Inc....

Setting up Gopher Site with Nginx

Changelog

    2021-03-24: Improve post-processing, add scripts for parsing links and images.
    2021-03-21: Initial version.

What's Gopher

Gopher is a protocol born in the early ages of the Internet. It was invented at the University of Minnesota in 1991, with a purpose similar to HTTP today. The protocol itself is extremely simple:

    Client connects to TCP port 70 of the server, and sends one line of URL ending with CRLF, e.g. some_dir/hello.txt
    Server sends data of the requested file and closes the connection.

And we're done. The server could be returning a text file, a picture, a binary file, or a Gopher list file called Gophermap with special formatting. Each line of the file is composed of the following fields: A character representing the type of this line, may it be text (i),...

Configuring LDAP Authentication for nginx

My various servers host different services, each with its own username/password system, making unified management difficult. If my password were compromised in the future, changing them individually would be extremely tedious. Therefore, I want to use a dedicated service to manage usernames and passwords, with all other services obtaining authentication information from it. LDAP is one of the commonly used authentication protocols. Not only do many applications natively support it (including Jenkins, pfSense, etc.), but through plugins, nginx can also support it, adding unified authentication management to any web-based service.

Adding the Plugin

If your nginx is compiled from source, adding the LDAP plugin only requires three steps:

    apk add openldap-dev
    git clone https://github....

Enabling TLS 1.3 for nginx and Passing to FastCGI Backends

OpenSSL provides experimental support for TLS 1.3 in its latest beta version, including a series of performance and security optimizations. The latest nginx 1.13 series has also added relevant options for TLS 1.3. However, since TLS 1.3 is still in draft status, there are some challenges to overcome when using it now: TLS 1.3 currently has three draft versions (18, 19, 20) implemented by OpenSSL and others, but they are mutually incompatible, and no SSL library combines all three. Browsers like Chrome and Firefox widely use draft version 18, but this version of OpenSSL doesn't support TLS extensions, which are required for Certificate Transparency. Although the latest nginx-ct plugin adds Certificate Transparency support for TLS 1.3, due to issue #2,...

Configuring and Enabling SSL and SPDY Access in nginx

Latest news from the CloudFlare blog (http://blog.cloudflare.com/google-now-factoring-https-support-into-ranking-cloudflare-on-track-to-make-it-free-and-easy) indicates that Google may factor in SSL support as a positive ranking signal. Therefore, I've enabled SSL for my blog.

Applying for a Certificate

SSL requires a certificate on the server side. It's best not to generate this certificate yourself, as most browsers will flag it as untrusted. StartSSL is currently the only trusted certificate authority that issues free SSL certificates recognized by most browsers. You can follow the steps in this article: http://www.freehao123.com/startssl-ssl/. In practice, since StartSSL connections can be slow, following the wizard might cause the process to hang. If it hangs,...